
Ignore domain validation for api scans

Cameron Swords requested to merge ignore-domain-validation-for-api-scans into master

What does this MR do?

Domain validation is used as a fail-safe to ensure that domains that don't want to be scanned will not be scanned by DAST. This doesn't work for API scanning:

  • The DAST_WEBSITE URL will be a file, or a URL to a specification. This is not the same as the target API service.
  • Using default behaviour, the site that hosts the specification will be the one tested for domain validation.
  • This MR explicitly turns the check off for API scans. An issue will be created to add the functionality for API scans.

What are the relevant issue numbers?

gitlab-org/gitlab#10928 (closed)

Does this MR meet the acceptance criteria?
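
The mismatch described in this MR, as an added example that is not GitLab DAST code: it compares the host of the specification URL (what a check keyed on DAST_WEBSITE would look at) with the hosts the specification names as the API target. The function names and the sample specification are hypothetical, and it assumes an already-parsed OpenAPI 2 or 3 document without server URL templates.

```python
from urllib.parse import urlsplit


def api_target_hosts(spec_url, spec):
    """Hosts the specification says the API is served from."""
    spec_host = urlsplit(spec_url).hostname  # None when the spec is a local file
    hosts = set()
    if "swagger" in spec:
        # Swagger/OpenAPI 2: optional "host" (may carry a port); when absent,
        # the API is served by the host that served the document.
        host = spec.get("host")
        hosts.add(urlsplit("//" + host).hostname if host else spec_host)
    else:
        # OpenAPI 3: servers[].url may be absolute or relative to the document
        # location; a missing "servers" list means a single server at "/".
        for server in spec.get("servers") or [{"url": "/"}]:
            hosts.add(urlsplit(server.get("url", "/")).hostname or spec_host)
    hosts.discard(None)  # relative server in a local file: host unknown
    return hosts


def validation_gap(spec_url, spec):
    """Target hosts not covered by a check made against spec_url's host."""
    checked = urlsplit(spec_url).hostname
    return sorted(h for h in api_target_hosts(spec_url, spec) if h != checked)


# Constructed sample: specification hosted on one domain, API on another.
SPEC_URL = "https://specs.example.test/petstore/openapi.json"
SPEC_V3 = {
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.test/v1"}, {"url": "/v2"}],
}

if __name__ == "__main__":
    print("host checked:", urlsplit(SPEC_URL).hostname)
    print("targets:", sorted(api_target_hosts(SPEC_URL, SPEC_V3)))
    print("never checked:", validation_gap(SPEC_URL, SPEC_V3))
```

A non-empty result from `validation_gap` means a check against the specification's host would say nothing about whether the API host has opted out of scanning.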